The Dojo PCI API is RESTful. It returns HTTP response codes to indicate errors. It also accepts and returns JSON in the HTTP body.

Use the following base URL when making requests to the API: https://pci-api.dojo.tech/ (TBD)

The Dojo PCI API uses Basic HTTP auth. You can generate API keys in Developer Portal. Secret keys for the test environment have the prefix sk_sandbox_ and for production have the prefix sk_prod_. You must include your secret API key in the header of all requests, for example:

curl
  --header 'content-type: application/json' \
  --header 'Authorization: Basic sk_prod_your_key' \
...

API requests without authentication will fail.

The API returns standard HTTP response codes RFC 7231 on each request to indicate the success or otherwise of API requests. HTTP status codes summary are listed below:

• 200 OK—The request was successful.
• 201 Created—The request was successful, and a new resource was created as a result.
• 204 No Content—The request was successful, but there is no content to send.
• 400 Bad Request—Bad request, probably due to a syntax error.
• 401 Unauthorized—Authentication required.
• 403 Forbidden—The API key doesn't have permissions.
• 404 Not Found—The resource doesn't exist.
• 405 Method Not Allowed—The request method is known by the server but isn't supported by the target resource.
• 409 Conflict—The request couldn't be completed because it conflicted with another request or the server's configuration.
• 500, 502, 503, 504 Server Errors—An error occurred with our API.

Dojo follows the error response format proposed in RFC 7807 also known as Problem Details for HTTP APIs. All errors are returned in the form of JSON.

Error Schema

In case of an error, the response object contains the following fields:

• errors [object]—A human-readable explanation of errors.
• type [string]— A URI reference RFC 3986 that identifies the problem type.
• title [string]—A short, human-readable summary of the error.
• status [integer]—The HTTP status code.
• detail [string]—A human-readable message giving more details about the error. Not always present.
• traceId [string]—The unique identifier of the failing request. The following example shows a possible error response:

{
    "errors": {
        "Reference": [
            "The Reference field is required."
        ]
    },
    "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
    "title": "One or more validation errors occurred.",
    "status": 400,
    "traceId": "00-a405f077df056a498323ffbcec05923f-aa63e6f4dbbc734a-01",
}

Dojo APIs use the yyyy-mm-dd API version-naming scheme. You have to pass the version as the version header in all API calls, for example:

curl
  --header 'content-type: application/json' \
  --header 'Authorization: Basic sk_prod_your_key' \
  --header 'version: 2023-11-12' \

Creates a payment intent to tokenize card details for later payments.